diff options
author | Steve French <sfrench@us.ibm.com> | 2006-06-28 00:13:38 +0000 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2006-06-28 00:13:38 +0000 |
commit | f40c562855294bf4e7268274d7461dc32c1e6b25 (patch) | |
tree | 23259eb48ddd99b080014937781e363993d21624 | |
parent | 0223cf0b10bdb3b557d8884b1a957cc64be843c3 (diff) |
[CIFS] Fix authentication choice so we do not force NTLMv2 unless the
user specifies it is required or turns of ntlm
Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r-- | fs/cifs/cifssmb.c | 10 | ||||
-rw-r--r-- | fs/cifs/sess.c | 3 |
2 files changed, 9 insertions, 4 deletions
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index de405bfb67d..19678c575df 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c @@ -415,6 +415,8 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) else /* if override flags set only sign/seal OR them with global auth */ secFlags = extended_security | ses->overrideSecFlg; + cFYI(1,("secFlags 0x%x",secFlags)); + pSMB->hdr.Mid = GetNextMid(server); pSMB->hdr.Flags2 |= SMBFLG2_UNICODE; if((secFlags & CIFSSEC_MUST_KRB5) == CIFSSEC_MUST_KRB5) @@ -511,11 +513,13 @@ CIFSSMBNegotiate(unsigned int xid, struct cifsSesInfo *ses) cERROR(1,("Server requests plain text password" " but client support disabled")); - if(secFlags & CIFSSEC_MUST_NTLMV2) + if((secFlags & CIFSSEC_MUST_NTLMV2) == CIFSSEC_MUST_NTLMV2) server->secType = NTLMv2; - else + else if(secFlags & CIFSSEC_MAY_NTLM) server->secType = NTLM; - /* else krb5 ... */ + else if(secFlags & CIFSSEC_MAY_NTLMV2) + server->secType = NTLMv2; + /* else krb5 ... any others ... */ /* one byte, so no need to convert this or EncryptionKeyLen from little endian */ diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index b7d49c03985..7202d534ef0 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c @@ -323,11 +323,12 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time, __u16 action; int bytes_remaining; - cFYI(1,("new sess setup")); if(ses == NULL) return -EINVAL; type = ses->server->secType; + + cFYI(1,("sess setup type %d",type)); if(type == LANMAN) { #ifndef CONFIG_CIFS_WEAK_PW_HASH /* LANMAN and plaintext are less secure and off by default. |